If i use Let's Encrypt acme tlsChallenge for traefik proxy... is it save to up and down docker clients arbitrary times w/o running into Let's Encrypt rating limits?
Or would this only happen when I up and down (start and stop) the traefik container itself?
Could I change (easily) caServer in certificatesResolvers to https://acme.zerossl.com/v2/DV90 i.e.?
Or is there more to do if I want to use zeroSSL insteadt of Let'sEncrpyt?
Hello @zanzara,
When you create/remove docker applications, Traefik will request certificates and maintain them even if the application is not running, or it is restarted, etc.
If you do not persist your acme.json file to your disk using a volume or mount, then traefik will lose the certificates and will re-request them all, possibly hitting rate limits.
It is that easy, however if you change your issuer to a different service, please be aware that the certificates that have already issued will not be re-requested from the new issuer. It would be advisable to back up your acme.json file, then empty it completely, and have Traefik re-request all certificates from the new issuer.
This also applies if you are using the staging Let's Encrypt endpoint to test with, and want to move to use the production/live endpoint.
@daniel.tomcej Thanks.
But unfortunately it did not work. For acme zeroSSL usage one needs to add the EAB credentials too, I've learned now.
But my clients get an unvalid cert, except the api.interface. This one is a valid zeroSSL.
The clients not, although the api desk shows me a green TLS icon and the service is even listening on the right port.
What do I am missing or doing wrong?
Btw: Must be the routers name of traefik.http.routers.<name>.rule identically the same as the docker-compose.yml services name? Or is this free to choose?
Edit2: Does traefik.port= overwrite always the exposed port of the client's container?